Mikrotik 951 +usb LTE modem( отваливается WIFI)

Обсуждение ПО и его настройки
Ответить
ya072
Сообщения: 2
Зарегистрирован: 09 апр 2020, 13:28

Приветствую, господа!
Подскажите, имею роутер Rb951 от микротика
Настроил LTE модем как резервный канал, при отвале основного. Все работает, интернет подхватывает от модема, когда ложится основной канал.
На основном канале WIFI работает нормально, но когда отсутствукет проводной интернет и рабртает только через USB модем, устройства по wifi получают не правильный адрес(нет интернета) что может быть?
NAT где-то намудрил?(
Прошу помочь разобраться

Код: Выделить всё

#  # apr/09/2020 13:40:09 by RouterOS 6.46.5
# software id = QHMJ-SJTJ
#
# model = 951Ui-2HnD
# serial number = xxxxx
/interface lte
set [ find ] mac-address=**:**:**:**:** name=lte1
/interface bridge
add admin-mac=**:**:**:**:**:** arp=proxy-arp auto-mac=no comment=defconf \
    fast-forward=no name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
    **:**:**:**:**:**
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
    **:**:**:**:**:** name=ether2-master
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
    **:**:**:**:**:**
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
   **:**:**:**:**:**
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
    **:**:**:**:**:**:**
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country=russia2 disabled=no frequency=auto mode=ap-bridge radio-name=\
    Fazenda ssid=WIFI wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
    group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
    unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=******
/ip ipsec policy group
add name=policy_group1
/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-128,3des
/ip pool
add name=dhcp ranges=192.168.0.15-192.168.0.99
add name=vpn_pool ranges=192.168.0.150-192.168.0.160
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=server1
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
    stop-bits=1
/ppp profile
add change-tcp-mss=yes local-address=vpn_pool name=l2tp_profile \
    remote-address=vpn_pool
set *FFFFFFFE dns-server=192.168.0.1 local-address=192.168.0.253 \
    remote-address=192.168.0.252
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge interface=ether2-master
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=*6
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp_profile enabled=yes \
    ipsec-secret=**** use-ipsec=yes
/interface list member
add comment=defconf list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add list=discover
add interface=bridge list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge \
    network=192.168.88.0
add address=**.**1.1**.***/29 interface=ether1 network=**.1**.1**.200
add address=192.168.0.1/24 interface=bridge network=192.168.0.0
/ip dhcp-client
add comment=defconf default-route-distance=3 dhcp-options=clientid,hostname \
    disabled=no interface=lte1
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=85.114.0.81,85.114.2.81
/ip dns static
add address=192.168.88.1 name=router.lan
add address=192.168.88.1 name=router
add address=192.168.0.1 name=router**
/ip firewall address-list
add address=213.170.117.4 list=manage
add address=77.235.218.1 list=manage
add address=192.168.88.0/24 list=manage
add address=213.170.117.254 list=manage
add address=192.168.0.0/24 list=manage
add address=213.170.117.253 list=manage
add address=31.200.205.1 list=manage
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=output dst-address=213.170.117.253 out-interface=lte1
add action=accept chain=input src-address-list=manage
add action=reject chain=input dst-port=22,23,80,8291 protocol=tcp \
    reject-with=icmp-network-unreachable
add action=accept chain=input in-interface=lte1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none
add action=dst-nat chain=dstnat dst-address=**5.1**.1**.*** dst-port=8420 log=\
    yes protocol=tcp to-addresses=192.168.0.107 to-ports=8420
add action=netmap chain=dstnat comment="****" dst-port=\
    **16 in-interface=ether1 port="" protocol=tcp to-addresses=192.168.0.51 \
    to-ports=**16
add action=netmap chain=dstnat dst-port=***5 in-interface=ether1 protocol=tcp \
    to-addresses=192.168.0.51 to-ports=***5
/ip route
add comment=main distance=100 gateway=9*.*61.1**.*01
add distance=1 dst-address=213.170.117.253/32 gateway=9*.1**.1**.*01
/ip service
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip socks access
add action=deny src-address=0.0.0.0/0
/ppp secret
add name=**** password=***** profile=l2tp_profile service=l2tp
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=213.170.71.126 secondary-ntp=198.60.73.8
/system routerboard settings
set silent-boot=yes
/system scheduler
add interval=30s name="Ether to LTE script" on-event=Ether_to_LTE policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/system script
add dont-require-permissions=no name=Ether_to_LTE owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Set local variables\r\
    \n:local firstInterface \"ether1\";\r\
    \n:local secondInterface \"lte1\";\r\
    \n:local pingTo1 \"8.8.8.8\";\r\
    \n:local pingTo2 \"77.88.8.8\";\r\
    \n:local pingCount 3;\r\
    \n:local stableConnectFrom 60;\r\
    \n\r\
    \n# Local variables\r\
    \n:local firstInterfaceName \$firstInterface;\r\
    \n:local secondInterfaceName \$secondInterface;\r\
    \n\r\
    \n# Function to cleaning ARP table\r\
    \n:local clearArp do={\r\
    \n    :local dumplist [/ip arp find]\r\
    \n    :foreach i in=\$dumplist do={\r\
    \n        /ip arp remove \$i\r\
    \n    }\r\
    \n    :log warning (\"ARP cleaned\");\r\
    \n}\r\
    \n\r\
    \n# Function reconnect lte1\r\
    \n:local reconnect lte1 do={\r\
    \n\t:log warning (\"Rebooting lte1 before using\");\r\
    \n    /interface lte1 set \$nameInterface disable=yes;\r\
    \n    :delay 1s;\r\
    \n    /interface lte1 set \$nameInterface disable=no;\r\
    \n}\r\
    \n\r\
    \n\r\
    \n:log info (\"Start ping to \$pingTo1 and \$pingTo2\");\r\
    \n\r\
    \n# Check FIRST interface\r\
    \n/interface ethernet {\r\
    \n    :if ( [get \$firstInterface disable] = true) do={\r\
    \n        set \$firstInterface disable=no;\r\
    \n\t\t:delay 2s;\r\
    \n    }\r\
    \n}\r\
    \n\r\
    \n# Check SECOND interface\r\
    \n/interface LTE {\r\
    \n    :if ( [get \$secondInterface disable] = true) do={\r\
    \n        set \$secondInterface disable=no;\r\
    \n\t\t:delay 8s;\r\
    \n    }\r\
    \n}\r\
    \n\r\
    \n/ip route {\r\
    \n    # Set objects to variables\r\
    \n    :set firstInterface [find dst-address=\"0.0.0.0/0\" gateway=\$firstI\
    nterfaceName];\r\
    \n    :set secondInterface [find dst-address=\"0.0.0.0/0\" gateway=\$secon\
    dInterfaceName];\r\
    \n\r\
    \n    # Check routes\r\
    \n    :if ( [get \$firstInterface distance] != 2 ) do={\r\
    \n        set \$firstInterface distance=2;\r\
    \n        :log warning (\"Distance for \" . \$firstInterfaceName . \" corr\
    ected\");\r\
    \n    }\r\
    \n\r\
    \n    :if ( [get \$secondInterface distance] != 1 && [get \$secondInterfac\
    e distance] != 3) do={\r\
    \n        set \$secondInterface distance=3;\r\
    \n        :log warning (\"Distance for \" . \$secondInterfaceName . \" cor\
    rected\");\r\
    \n    }\r\
    \n\r\
    \n    # Get ping successfully packets. In percent\r\
    \n    :local pingStatus \\\r\
    \n        ((( [/ping \$pingTo1 interface=\$firstInterfaceName count=\$ping\
    Count] + \\\r\
    \n        [/ping \$pingTo2 interface=\$firstInterfaceName count=\$pingCoun\
    t] ) / (\$pingCount * 2)) * 100);\r\
    \n\t\r\
    \n\t# Check Internet\r\
    \n    :if (\$pingStatus < \$stableConnectFrom) do={\r\
    \n\r\
    \n        :log error (\"Prostor Telecom no internet!\");\r\
    \n\r\
    \n        # Change distance\r\
    \n        :if ( [get \$secondInterface distance] != 1 ) do={\r\
    \n\t\t    \$reconnectLTE nameInterface=\$secondInterfaceName;\r\
    \n            set \$secondInterface distance=1;\r\
    \n            :log warning (\"Distance for \" . \$secondInterfaceName . \"\
    \_changed\");\r\
    \n            \$clearArp;\r\
    \n\t\t\t\r\
    \n\t\t\t/tool sms send usb1 channel=2 \"+*****\" message=\"Prostor T\
    elecom failure. LTE-modem enabled! Call: +7(4***\";\r\
    \n\r\
    \n\r\
    \n    } else={\r\
    \n        :log warning (\"Main ISP connected\");\r\
    \n        # Change distance\r\
    \n        :if ( [get \$secondInterface distance] != 3 ) do={\r\
    \n\t\t\t/tool sms send usb1 channel=2 \"+***77*9\" message=\"\
    elecom connected. LTE-modem disabled.\";\r\
    \n            set \$secondInterface distance=3;\r\
    \n            :log warning (\"Distance for \" . \$secondInterfaceName . \"\
    \_changed\");\r\
    \n            \$clearArp;\r\
    \n\t\t\r\
    \n    }\r\
    \n}\r\
    \n\r\
    \n:log info (\"End ping\");"
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool netwatch
add down-script="/ip firewall connection remove [find]\
    \n/ip route set [find comment=\"main\"] distance=100\
    \n/interface set lte1 disabled=yes\
    \n/interface set lte1 disabled=no\
    \n" host=213.170.117.253 interval=1m1s up-script="/ip firewall connection \
    remove [find]\
    \n/ip route set [find comment=\"main\"] distance=1\
    \n/interface set lte1 disabled=yes\
    \n/interface set lte1 disabled=no\
    \n"




ya072
Сообщения: 2
Зарегистрирован: 09 апр 2020, 13:28

Проблему решил) можно закрывать) DHCP сервер сдох почему-то. Настроил с нуля на баг фикс прошивке, потом обновил и все взлетело.
Всем спасибо за участие))))


Ответить